ATLANTA--(BUSINESS WIRE)--Plaintiffs from 43 states filed a class-action lawsuit against Equifax today, following the credit bureau’s data breach affecting an estimated 143 million consumers. Robbins Geller and Hagens Berman, two of the nation’s most successful firms specializing in nationwide class-action cases on behalf of consumers and investors, are fighting for reimbursement and genuine protection from identity theft for consumers with a legal team including experts in data breach class actions and former federal prosecutors, including a former federal cyber-prosecutor.
Hagens Berman attorneys developed a comprehensive Equifax data breach FAQ for those affected by the hack, where they answer key questions about protecting your identity, the lawsuit, and what consumers can expect from a class-action lawsuit against Equifax. The firms’ comprehensive lawsuit seeks to make affected consumers whole and seeks remedies for Equifax’s negligence and violations of 62 state consumer protection and data breach laws. Find out your rights.
The complaint, filed Sept. 22, 2017, in the U.S. District Court for the Northern District of Georgia, states that Equifax failed to follow simple rules that any credit reporting agency must follow, including protecting the information it collects by maintaining computer and data security, and ensuring that any system vulnerabilities are patched quickly, especially when such patches are free and readily available.
“The massive data breach could have been prevented and should have been detected and disclosed earlier,” the suit states.
Paul Geller, founding partner and the head of Robbins Geller’s Consumer Fraud and Multi-District Litigation Practice Group who has led many class actions involving data breaches and privacy laws, said, “The scope and breath of this security breach is staggering. Equifax collects and stores private data on millions of Americans every day, and its failure to protect that data from hackers shocks the conscience.”
Steve Berman, Hagens Berman’s managing partner stated: “It’s ironic that one of the largest sellers of identity theft protection, itself disregarded the basic and industry standard practice of installing security patches. This data breach will have devastating and long-lasting repercussions for nearly half the adult population of the United States.”
Stuart Davidson, the partner at Robbins Geller leading its data breach practice added: “Equifax recently boasted more than $3.1 billion in revenue and nearly $1 billion in profits in its 2016 annual report. It clearly had the resources to make sure that all available security patches were promptly installed, and had it done so, it would have prevented this massive breach of the most sensitive data belonging to 143 million consumers.”
“These hackers were able to walk away with Social Security numbers, addresses, birthdates, driver’s license numbers, and in some cases credit card numbers, thanks to Equifax’s lax processes for data safety and security,” said Thomas Loeser, a former federal cyber-prosecutor and partner at Hagens Berman. “This breach has provided criminals with the crown jewels of identity theft.”
The suit details that for two months before the data breach started, Equifax had notice of the software vulnerability that hackers exploited. Despite press reports of widespread use of this vulnerability, Equifax failed to install an available patch or take its vulnerable systems offline.
Ars Technica reported on Mar. 9, 2017 and Mar. 14, 2017 that sites using the software framework that led to the Equifax breach – “Apache Struts CVE-2017-5638” – were under heavy attack by hackers. The framework’s vulnerability had been publicly disclosed and widely known since Mar. 2017, according to the lawsuit, and the Apache Software Foundation gave public notice on Mar. 7, 2017, after making a security patch freely available on Mar. 6, 2017.
Loeser, who prosecuted hackers for data breach crimes when he worked for the Department of Justice, explained: “While consumers can readily change credit card account numbers and close vulnerable bank accounts, Social Security numbers and driver’s license numbers are usually permanent and difficult and costly to change. This means that criminals and identity thieves can wait months, years, even decades, before using the stolen information to open loans, obtain credit cards, and file false federal tax returns in unsuspecting victims’ names.”
Teaming up to litigate what is by large measure the largest data breach ever stemmed from the two firms’ past working relationship and mutual respect. According to Geller, “our firms each have the human and financial resources to take on the largest and most powerful corporations, and we’ve each achieved some of the most significant class action recoveries in history. As a pairing, we’re a formidable team that is laser focused on achieving real justice for the public.”
Robbins Geller Rudman & Dowd LLP is widely recognized as a leading law firm advising and representing clients in complex litigation, including litigation involving consumer fraud, securities fraud, antitrust claims, ERISA claims, insurance fraud and intellectual property, as well as whistleblower protection and qui tam suits. With 200 lawyers in 10 offices, Robbins Geller has obtained many of the largest class action recoveries in history. Robbins Geller attorneys have recovered tens of billions of dollars on behalf of the Firm’s clients. Robbins Geller not only secures recoveries for defrauded consumers and investors, it also implements significant corporate governance reforms, helping to improve the financial markets worldwide. Please visit rgrdlaw.com for more information.
Hagens Berman Sobol Shapiro LLP is a consumer-rights class-action law firm with 11 offices across the country. The firm has been named to the National Law Journal’s Plaintiffs’ Hot List eight times. More about the law firm and its successes can be found at www.hbsslaw.com. Follow the firm for updates and news at @ClassActionLaw.